跳到主要內容

臺灣博碩士論文加值系統

(18.97.9.168) 您好!臺灣時間:2024/12/15 05:44
字體大小: 字級放大   字級縮小   預設字形  
回查詢結果 :::

詳目顯示

我願授權國圖
: 
twitterline
研究生:范姜俊勛
研究生(外文):Chun-Hsun FanChiang
論文名稱:地圖密碼:一種以地圖為基礎的實用圖形密碼驗証
論文名稱(外文):Pass-Maps:A Usable Map-Based Scheme of Graphical Password
指導教授:雷欽隆雷欽隆引用關係
指導教授(外文):Chin-Laung Lei
學位類別:碩士
校院名稱:國立臺灣大學
系所名稱:資訊網路與多媒體研究所
學門:電算機學門
學類:軟體發展學類
論文種類:學術論文
論文出版年:2008
畢業學年度:96
語文別:英文
論文頁數:47
中文關鍵詞:圖形密碼字典攻擊安全性可用性
外文關鍵詞:graphical passworddictionary attacksecurityusability
相關次數:
  • 被引用被引用:0
  • 點閱點閱:507
  • 評分評分:
  • 下載下載:0
  • 收藏至我的研究室書目清單書目收藏:0
近年來,許多圖形密碼機制被提出用來克服文字密碼的缺點。然而,先前的一些研究對於圖形密碼的分類並不一致。因此我們根據使用者輸入的動作來對這些圖形密碼作分類,其中包括點選與繪畫。這篇論文提出了一個新概念,藉由把原本空白的背景設置為地圖的方式,來結合以上兩種圖形密碼機制。所以,為了驗証使用地圖的優勢,我們將蒐集來的幾份圖片分成兩組,一組只含有地圖,另一組則為非地圖類別。實驗結果顯示,使用地圖類別所產生的大多數密碼都能有效抵抗現存的圖形字典攻擊。另外,地圖類別使用者比非地圖類別使用者在登入時耗費更少的時間並且擁有更高的成功率。由此可知,我們所提出的機制的確比先前的機制更有效地提升安全性以及可用性。
In recent years, several graphical password schemes are proposed to overcome the drawbacks of text-based passwords. However, the classification of these schemes is not consistent in prior studies. Thus, we classify the existing schemes according to the events of input passwords, clicking and drawing. This thesis also provides a concept of combining the two types of graphical password schemes. We adopt maps as background pictures and conduct a user study to verify the superiority of using maps. We collected several images that are divided into two groups which contain maps and non-maps respectively. The results show that most passwords produced by maps are able to resist the present graphical dictionary attacks. Furthermore, the participants spent less time and had higher success rate to login when using maps. Based on the facts mentioned above, our scheme offers stronger security and better usability than those of the prior scheme indeed.
Chapter 1 Introduction 1
1.1 Research Background 1
1.2 Thesis Contribution 2
1.3 Thesis Organization 4
Chapter 2 Related Work 5
2.1 History 5
2.2 Classification of Graphical Password Schemes 6
2.2.1 Draw-Based Schemes 6
2.2.2 Click-Based Schemes 10
Chapter 3 Design and Analysis of Pass-Maps 15
3.1 Motivation 15
3.2 Review of DAS 17
3.2.1 DAS Encoding 17
3.2.2 Password Space of DAS 18
3.2.3 Prior Studies of DAS 21
3.3 Design of Pass-Maps 27
3.3.1 Adding a Background 27
3.3.2 Adjustable Size of Grids 28
3.3.3 System Description 28
3.3.4 Encoding 30
3.4 Shoulder-Surfing Prevention 31
Chapter 4 Methodology 32
4.1 Objective 32
4.2 Experiment Design 32
4.3 Participants 33
4.4 Procedure 33
Chapter 5 User Study Analysis 34
5.1 Security Analysis 34
5.1.1 Results of Password Length 34
5.1.2 Probability of Symmetry 36
5.1.3 Trend of Selecting Grid Dimension 38
5.1.4 Similarity of User Input 38
5.2 Usability Analysis 40
5.2.1 Time to Login 40
5.2.2 Ultra Success Rate 41
Chapter 6 Conclusions 42
Chapter 7 Future Work 43
1.Klein, D. “Foiling the cracker: A survey of, and improvements to, password security.” In Proceedings of the 2nd USENIX Security Symposium, 1990.
2.Van Oorschot, P. C. and Thorpe, J. “On predictive models and user-drawn graphical passwords. ACM Trans. Inform. Syst. Secur. 10, 4, Article 17, Jan. 2008.
3.Blonder, G. E. “Graphical passwords” United States Patent 5559961, 1996.
4.Suo, X., Zhu, Y., and Owen, G. S. “Graphical passwords: A survey.” In 21st Annual Computer Security Applications Conference(ACSAC) (Dec.5-9), 2005.
5.Jermyn, I., Mayer, A., Monrose, F., Reiter, M., and Rubin, A. “The design and analysis of graphical passwords.” In 8th USENIX Security Symposium, 1999.
6.Syukri, A. F., Okamoto, E. and Mambo, M. “A User Identification System Using System Using Signature Written with Mouse”, in 3rd Australasian Conference on Information Security and Privacy (ACISP): Springer-Verlag Lecture Notes in Computer Sience (1438), pp. 403-441, 1998.
7.Goldberg, J., Hagman, J., and Sazawal, V. “ Doodling our way to better authentication.” In Conference on Human Factor and Computing Systems (April 20-25). ACM Press, New York.868-869. CHI’ 02 extended abstracts on Human Factors in Computer Systems, 2002.
8.Tao, H. “Pass-Go, a New Graphical Password Scheme.” M. S. thesis, School of Information Technology and Engineering, University of Ottawa, Canada, 2006.
9.Real User Corporation. “About passfaces.” http://www.passfaces.com/, site accessed April 22, 2008.
10.Davis, D., Monrose, F., and Reiter, M. “On user choice in graphical password scheme.” In 13th USENIX Security Symposium, 2004.
11.Dhamija, R., 2000. “Hash visualization in user authentication.” In Proceedings of CHI 2000. ACM Press, New York, pp.279-280, 2000.
12.Dhamija, R. and Perrig, A. “ Deja Vu: A user study using images for authentication.” In 9th USENIX Security Symposium, 2000.
13.Perrig, A. and Song D. “Hash visualization: A new technique to improve real-world security.” In International Workshop on Cryptography Techniques and E-Commerce. 131-138, 1999.
14.Wiedenbeck, S., Waters, J., Birget, J., Brodskiy, A., and Memon, N. “PassPoints: Design and longitudinal evaluation of a graphical password system.” International J. of Human-Computer Studies (Special Issue on HCI Research in Privacy and Security) 63, 102-127, 2005.
15.Nali, D. and Thorpe, J. “Analyzing user choice in Graphical passwords.” Tech Report TR-04-01, School of Computer Science, Carleton University, Canada, 2004.
16.Thorpe, J. and Van Oorschot, P. “On the Security of Graphical Password Schemes (Extended Version).” Tech Report TR-05-11, School of Computer Science, Carleton University, Canada, http://www.scs.carleton.ca/research/tech_repots/2005
/download/TR-05-11.pdf.
17.Thorpe, J. and Van Oorschot, P. “Graphical dictionaries and the memorable space of graphical passwords.” In 13th USENIX Security Symposium, 2004a (Aug.9-13).
18.Thorpe, J. and Van Oorschot, P. “Towards secure design choices for implementing graphical passwords.” In 20th Annual Computer Security Applications Conference(ACSAC2004) (Dec.6-10), IEEE, Los Alamitos CA., 2004b.
19.Tyler, C. “Human symmetry perception.” In Human Symmetry Perception and Its Computational Analysis, C. Tyler, Ed. VSP, The Netherlands. 3-22, 1996.
20.Wagemans, J. “Detection of Visual Symmetries.” In Human Symmetry Perception and its Computational Analysis, C. Tyler, Ed. VSP, The Netherlands. 25-48, 1996.
21.Birget, J. C., Hong, D., and Memon, N. “Graphical passwords based on robust discretization.” IEEE Transactions on Information Forensics and Security 1, 3, 395-399, Sept. 2003.
22.Halderman, J. A., Waters B., and Felten, E. W. “A convenient method for securely managing passwords.” In Proceedings of the 14th International World Wide Web Conference. ACM Press, New York. 471-479, 2005.
23.Jansen, W., Gavrilla, S., Korolev, V., Ayers, R., and R. S. “Picture password: A visual login technique for mobile devices.” NIST Report – NISTIR7030, 2003.
24.Menezes, A. J., Van Oorschot, P. C., and Vanstone, S. A. “Handbook of applied cryptography.” CRC Press , Boca Raton, FL. 290-291. Note 8.8., 1996.
25.Pinkas, B. and Sander, T. “ Securing passwords against dictionary attacks .” In 9th ACM Conference on Computer and Communications Security, ACM Press, 161-170, 2002.
26.Provos, N. and Mazieres, D. “A future-adaptable password scheme.” In Proceedings of the USENIX Annual Technical Conference, 1999.
27.Stubblebine, S., and Van Oorschot, P. “Addressing online dictionary attacks with login histories and humans-in-the–loop.” In Financial Cryptography ''04. Springer-Verlag LNCS (to appear), 2004.
28.Van Oorschot, P. C. and Stubblebine, S. “On countering online dictionary attacks with login histories and humans-in-the–loop.” ACM TISSEC 9, 3 (Aug.), 235-258, 2006.
QRCODE
 
 
 
 
 
                                                                                                                                                                                                                                                                                                                                                                                                               
第一頁 上一頁 下一頁 最後一頁 top